The FBI sought a search warrant for the email account of former CIA and NSA chief Gen. Michael Hayden in 2012, according to a newly unsealed court filing. The warrant application was part of a broader Obama-era investigation into a leak of classified information to the press. Another official later pleaded guilty in connection to the disclosure.

The targeting of Hayden’s AOL email account drives home just how aggressively the Obama administration pursued leaks, in this case following a relatively thin lead all the way to the private email account of a retired four-star general. Hayden served as director of the National Security Agency from 1999 to 2005, and later led the CIA until his retirement in 2009.

And it is a very thin lead. All that's included in the warrant affidavit [PDF] is the fact that Hayden engaged in email conversations with two unnamed reporters a total of 30 times in 18 months. Given his position, it's surprising it didn't happen more often. Officials are always contacted by reporters when writing about subjects/programs/etc. they oversee. In the affidavit, the special agent notes many of these contacts were to "confirm quotes" to be used in published articles and books.

The inquiry here apparently centered on news of the Stuxnet virus and the US's involvement in the cyberattack. The only quote about Stuxnet attributed to Hayden was fairly innocuous, stating only that this was the first time a cyberattack had been used to "effect physical destruction."

As Poulsen points out, this investigation lead to a dead end, at least as far as its pursuit of Hayden as a leaker.

The FBI found no evidence that Hayden did anything wrong. But using similar tactics, the FBI eventually tracked the story to retired Marine Gen. James Cartwright. In 2016 Cartwright acknowledged he was a source for the article and pleaded guilty to a single count of lying to the FBI. Cartwright’s prosecution was widely criticized by freedom-of-the-press groups and government insiders, and Obama pardoned Cartwright shortly before leaving office.

What this dead-ended investigation does show is how aggressively our government pursues leakers and whistleblowers. NSLs, warrants, and anything else the government might find useful are being deployed to sniff out journalists' sources. The government may hesitate to place a journalist under direct surveillance, but it has no problem achieving the same ends by deploying these backdoor searches. Working its way backwards from government employees, the government can sweep up communications that would raise serious First Amendment issues if approached head-on. And it obviously has no qualms about grabbing the personal communications of team players who've fully bought into the system.

from the it's-everyone,-we-all-kinda-hate-the-government dept

[T]he former head of the CIA has a theory about a possible root cause of the leak: Millennials.

Michael V. Hayden, who was the CIA director until 2009, said that in order for the agency to engage in the digital espionage described by the documents, the agency must “recruit from a certain demographic” — in this case, younger hackers brought on to help with these efforts.

“I don’t mean to judge them at all, but this group of millennials and related groups simply have different understandings of the words loyalty, secrecy and transparency than certainly my generation did,” Hayden told the BBC in an interview this week. “And so we bring these folks into the agency, good Americans all, I can only assume, but again, culturally they have different instincts than the people who made the decision to hire them.”

That's Hayden's response to the CIA leak, which exposed the agency's exploits and device-targeting tactics. Hayden's saying people used to trust the government more. That's what this breaks down to, even if couched in Hayden's implicit demand youngsters remove themselves from his lawn, but leave any and all government documents behind.

"Transparency" should mean what it's always meant. But "transparency" is defined by government agencies and officials harboring zero desire to engage in it. We spent years listening to Obama pat himself on the back for increased government obfuscation and secrecy, something he referred to as the "most transparent administration." The word "transparency" is meaningless in the government's hands. That's why almost anything of significance is revealed by leakers/whistleblowers routing around the "official channels."

"Secrecy" means the same thing it always has as well. The government likes it. Citizens are not quite as enthralled with government secrecy, especially considering more and more of their lives are open books. An example: anyone shot by a police officer will have their criminal record immediately delivered to the press while EMTs are still checking for a pulse. Weeks or months will pass before law enforcement agencies release the name of the officer whose gun "discharged," much less their disciplinary record.

"Loyalty" still means the same thing, too. But the government's used to receiving it unconditionally. It has spent years abusing it and is finally seeing the consequences of its actions. Millennials may be the least willing to show loyalty to a government that has already mortgaged their future, but again, this crosses all ages. Loyalty isn't something the government can demand, not when it's done as much as it has to demonstrate why it's unworthy of it.

Undeniably, leaking is easier than ever, with multiple journalistic outlets offering multiple ways for the anonymous to dump their documents and grievances. Engaging in some sort of age discrimination at the federal level isn't going to stop the flow of leaks.

What's happening now is a severely-broken system reaching its apotheosis. With someone else in the Oval Office, we likely wouldn't be seeing nearly as many leaks. Almost as soon as the administration makes a claim (or a tweet), a leaked document or comment refutes it. Agencies are going rogue. Confidential conversations with administration officials are being discussed on social media by those involved in them.

Trump's tweets about subjects of investigations and national security-related matters show he cares just as little for secrecy or loyalty. His refusal to release information the public's been asking to see (tax returns, divestment plans, etc.) shows he cares little for transparency.

It also sets an example for others. The administration is seemingly moving from one disaster to the next without indicating it has a blueprint for the future. This helps generate even more leaks -- and not just because ill-advised moves tend to produce interesting documents and irate government employees. The leaks are continuous because no one's worried the administration will ever locate the sources. The constant flow sends a clear message: those leaking info and documents -- and there are a lot of them -- feel the President and his staff are too incompetent, or too easily-distracted, to track them down. The CIA may track down the source of the leaked documents, but it's heavily-invested in its own secrets, which has nothing to do with the hurricane of disruptive activity taking place in the White House. But those leaking info related to the current administration have little to fear.

The administration has managed to make enemies of several federal agencies. Federal agencies are amazing at stonewalling. The best. If the administration thinks it's going to get assistance rooting out leakers, it's in for yet another surprise. And the administration will continue to be unsurprisingly surprised by the resistance it faces when it shows up with guns loaded, looking for rogue messengers.

from the bad-news dept

Ashkan Soltani is a well known privacy expert who (among other things) worked with Barton Gellman at the Washington Post to analyze the Snowden documents for story worthy information -- an effort that won that series a Pulitzer Prize. Soltani has been hugely instrumental in reporting on other privacy-related issues as well, including being a part of the team that also a Pulitzer Prize finalist for the Wall Street Journal's excellent What They Know series on digital privacy issues. Basically he has a long history of doing great journalism around privacy. For most of the last year, he was also the Chief Technology Officer at the FTC. Back in December, it was announced that he had moved over to work for the federal government CTO, Megan Smith, in the White House as a senior advisor. The CTO's office has been collecting some fairly amazing tech talent recently.

However, now, just a few weeks after Soltani took the job in the White House, he's announced that he's left the job because he's been denied the security clearance necessary to do his job:

I am disappointed to announce my departure as Senior Advisor to the White House Chief Technology Officer, Megan Smith.

Smith hired me in December from the Federal Trade Commission, where I had served as Chief Technologist since late 2014. My mandate was to help Smith and her team work through hard questions on consumer privacy, the ethics of big data, and the recruitment of skilled technologists to government.

Those are vital issues, which have occupied me in and out of government, and I will continue to contribute what I can in other venues.

Last week the White House Office of Personnel Security notified me that I would not receive the security clearance necessary to continue to work at the White House. I'm told this is something that happens from time to time and I won't speculate on the reasons. I do want to say that I am proud of my work, I passed the mandatory drug screening some time ago, and the FBI background check was still underway. There was no allegation that it was based on my integrity or the quality of my work.

I was honored to serve at the FTC and in the White House. I wish the CTO and her amazing team success in the important work ahead.

Soltani says he won't speculate, but from the rest of his statement it's not hard to guess what the real reason is: his work with the Snowden documents in 2013. Back when Soltani first went to the FTC in late 2014, you had folks like former CIA and NSA boss Michael Hayden whine about his work on the Snowden documents and suggest it makes it inappropriate for him to hold a government job.

"I'm not trying to demonize this fella, but he's been working through criminally exposed documents and making decisions about making those documents public," said Michael Hayden, a former NSA director who also served as CIA director from 2006 to 2009. In a telephone interview with FedScoop, Hayden said he wasn't surprised by the lack of concern about Soltani's participation in the Post's Snowden stories. "I have no good answer for that."

And then you had former NSA General Counsel (and proud Techdirt hater), Stewart Baker arguing that Soltani should be barred from government work for his work on the Snowden docs:

Stewart Baker, a former NSA general counsel, said, while he's not familiar with the role Soltani would play at the FTC, there are still problems with his appointment. "I don't think anyone who justified or exploited Snowden's breach of confidentiality obligations should be trusted to serve in government," Baker said.

So it doesn't take too much reading between the lines to suggest that those in charge of handing out security clearance decided to "punish" Soltani by denying him clearance.

Of course, beyond being generally screwed up, it also is a bit ironic since Soltani's role was supposed to be about convincing techies to work in government. Want to know how not to do that? It's by pettily "punishing" Soltani for his journalism work.

from the didn't-see-that-coming dept

Earlier this summer, we were taken a bit by surprise when both former NSA/CIA boss Michael Hayden, along with former DHS boss Michael Chertoff, came out fairly strongly against backdooring encryption at a time when their counterparts still in the government seemed to be leaning in the other direction and have been pushing proposals to mandate backdoors. And it appears they're not backing down. Hayden has now doubled down with further statements against backdooring encryption, according to Lorenzo Franceschi-Bicchierai at Vice's Motherboard.

Michael Hayden, the former head of the US top spy agencies, the CIA, and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors.

The US is “better served by stronger encryption, rather than baking in weaker encryption,” he said during a panel on Tuesday.

Later, he told Lorenzo that part of his thinking is that the intelligence community doesn't need such backdoors since it has other ways of getting that info:

“In retrospect, we mastered the problem we created by the lack of the Clipper Chip,” he said. “We were able to do a whole bunch of other things. Some of the other things were metadata, and bulk collection and so on.”

Hayden is being a bit snarky there. He knows that privacy advocates will take his words about backdooring encryption and celebrate them, so he's using it at the same time to argue in favor of the other problematic programs -- programs that Hayden is most closely associated with involving mass surveillance. He's also being disingenuous. The metadata and mass surveillance efforts generally give you access to a different kind of information. What Hayden leaves out, of course, is the real reason why backdoors usually aren't that important: because there are almost always ways to hack into encrypted data, though that also raises serious questions.

Meanwhile, another former NSA director, Mike McConnell, has joined with the other two Michaels in arguing against backdoors. This according to Kaveh Waddell at the National Journal:

“Don’t get in the way of pro­gress,” Mc­Con­nell said Thursday at a pan­el dur­ing an en­cryp­tion sum­mit hos­ted by The Wash­ing­ton Post. “Don’t get in the way of in­nov­a­tion and cre­ativ­ity, be­cause this is go­ing to hap­pen. Some­body’s go­ing to provide this en­cryp­tion.”

Mc­Con­nell’s po­s­i­tion is a com­plete de­par­ture from the per­spect­ive he rep­res­en­ted in gov­ern­ment, a shift he has pub­licly ac­know­ledged. When he ran the Na­tion­al Se­cur­ity Agency in the 1990s, Mc­Con­nell was a vo­cal sup­port­er of the Clip­per Chip, a device de­veloped by the NSA that al­lowed the gov­ern­ment to de­crypt elec­tron­ic com­mu­nic­a­tions.

Of course, what's mostly left out of this discussion is that both McConnell and Hayden are now in the private sector -- Hayden at the Chertoff Group with Michael Chertoff, and McConnell at defense contracting giant (and former Ed Snowden employer) Booz Allen Hamilton -- where both have economic reasons for supporting actual stronger security, rather than undermining such security. Either way, in this debate, it seems that those pushing for backdooring encryption are increasingly being marginalized entirely. Even their normally faithful supporters have moved on into the world of reality, where backdooring encryption only leads to trouble.

The claims arise from the government's treatment of these whistleblowers after they started making noise about the NSA's surveillance programs. More specifically, the lawsuit points to the short-lived internet surveillance program THINTHREAD, which was ignored and abandoned in favor of something more expensive, but less protective of Americans' communications.

Plaintiffs worked in various roles on developing and perfecting a candidate program called THINTHREAD which was capable of performing the technical work desired by the NSA for surveillance of the internet efficiently, effectively, and at very low cost.

THINTHREAD was put into operation successfully but only on a demonstration basis. It was approved to demonstrate that it worked, but not officially commissioned for actual operational use.

Despite the Plaintiffs demonstrating that THINTHREAD actually worked, the NSA ignored THINTHREAD as a candidate for performing the desired surveillance of the internet and telephone communications, because THINTHREAD was inexpensive and highly effective, yet Lt. General Michael Hayden had made a corporate decision to “buy” externally rather than “build” internally the solution deemed necessary to harvest internet data.

$4 billion went into another program called TRAILBLAZER (THINTHREAD's internal development cost, by contrast, was only $4 MILLION), along with five years of development. In the end, TRAILBLAZER never worked properly and was abandoned by the NSA in 2006.

This wasteful "funneling" of funds to preferred government contractors was reported to the Dept. of Defense by four of the whistleblowers, under the heading of waste, fraud and misuse of taxpayers' money. The DoD wasn't happy. It issued a scathing internal report. But the NSA wasn't interested in having its faults pointed out. It sent the DOJ after the whistleblowers, using an unrelated leak of information about the NSA's expansive domestic surveillance programs to the New York Times as the impetus for a series of raids.

According to the filing, the raids were retaliatory. The government had already determined the plaintiffs had nothing to do with the leaks reported on by the New York Times. And it used faulty affidavits to justify the corresponding raids.

In fact, the affidavit for the search warrants are themselves based upon an illegal, warrantless phone tap and refer to a conversation illegally intercepted between Plaintiff Roark and Plaintiff William Binney, although misrepresenting the call’s contents. Further, the ultimate pretext for the search, a paper describing THINTHREAD at a high level that Binney had given the FBI, was falsely claimed by NSA to be classified. Thus, the search warrant affidavit is not only false but illegal.

The lawsuit also attempts to use the breadth and reach of known surveillance programs as proof the government knew the whistleblowers had nothing to do with the NYT leak.

Moreover, as later revealed by Edward Snowden, the NSA was even then, with the assistance of cooperating telephone and telecommunications companies, conducting mass interception and surveillance of all telephone calls within the domestic United States for the very purpose – at least so they claimed – of detecting both external and internal threats against the national security of the United States.

Therefore, through those phone and internet records, the Defendants had actual evidence at the time of the false affidavit and retaliatory searches and seizures that none of the Plaintiffs had communicated with the The New York Times or other journalists, except that Plaintiff Drake on his own had spoken confidentially with regard to public and /or unclassified information to the Baltimore Sun.

The end result of the FBI, NSA and DOJ's actions in response to whistleblowing (largely performed through proper channels) is a host of alleged civil liberties violations and other abuses, starting with the violation of 1998's Whistleblower Protection Act. From there, the whistleblowers allege violations of their First, Fourth and Fifth Amendment rights, along with malicious prosecution, intentional infliction of emotional distress and abuse of process.

It will be interesting to see where this goes. The government likely won't be able to dismiss the suit quickly, but the plaintiffs are going to run into a ton of immunity claims that will be buttressed by invocations of national security concerns. Their lawyer -- Larry Klayman -- has occasionally displayed his inability to distinguish between actionable claims and conspiracy theories, a tendency that doesn't improve the plaintiffs' chances of succeeding. But of all the outcomes I imagined for the stories of Drake, Binney, et al, taking these agencies on directly in federal court wasn't one of them.

from the going-dark? dept

Well, here's one we did not see coming at all. Both former Homeland Security boss Michael Chertoff and former NSA and CIA director Michael Hayden have said that they actually disagree with current FBI director Jim Comey about his continued demands to backdoor encryption. Given everything we've seen in the past from both Chertoff and Hayden, it would have been a lot more expected to see them both toe the standard authoritarian surveillance state line and ask for more powers to spy on people. At the Aspen Security Forum, however, both surprised people by going the other way. Marcey Wheeler was the first to highlight Chertoff's surprising take:

I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a back door even if you hedge it with the notion that there’s going to be a court order. And I say that for a number of reasons and I’ve given it quite a bit of thought and I’m working with some companies in this area too.

First of all, there is, when you do require a duplicate key or some other form of back door, there is an increased risk and increased vulnerability. You can manage that to some extent. But it does prevent you from certain kinds of encryption. So you’re basically making things less secure for ordinary people.

The second thing is that the really bad people are going to find apps and tools that are going to allow them to encrypt everything without a back door. These apps are multiplying all the time. The idea that you’re going to be able to stop this, particularly given the global environment, I think is a pipe dream. So what would wind up happening is people who are legitimate actors will be taking somewhat less secure communications and the bad guys will still not be able to be decrypted.

The third thing is that what are we going to tell other countries? When other countries say great, we want to have a duplicate key too, with Beijing or in Moscow or someplace else? The companies are not going to have a principled basis to refuse to do that. So that’s going to be a strategic problem for us.

He's right on all accounts, and does an astoundingly good job summarizing all of the reasons that many experts have been screaming about ever since Comey first started whining about this bogus "going dark" claim. But then he goes even further and makes an even more important point that bears repeating: it's not supposed to be easy for law enforcement to spy on people, because that has serious risks:

Finally, I guess I have a couple of overarching comments. One is we do not historically organize our society to make it maximally easy for law enforcement, even with court orders, to get information. We often make trade-offs and we make it more difficult. If that were not the case then why wouldn’t the government simply say all of these [takes out phone] have to be configured so they’re constantly recording everything that we say and do and then when you get a court order it gets turned over and we wind up convicting ourselves. So I don’t think socially we do that.

On top of that, he points out, as we and many others have, that even if you can't figure out what's in an encrypted message it does not mean you've really "gone dark." There are other ways to figure out the necessary information, and people always leave some other clues:

And I also think that experience shows we’re not quite as dark, sometimes, as we fear we are. In the 90s there was a deb — when encryption first became a big deal — debate about a Clipper Chip that would be embedded in devices or whatever your communications equipment was to allow court ordered interception. Congress ultimately and the President did not agree to that. And, from talking to people in the community afterwards, you know what? We collected more than ever. We found ways to deal with that issue.

Soon after that, at the same conference, Hayden spoke to the Daily Beast and more or less agreed (it is worth noting that Hayden works for Chertoff at the Chertoff Group these days). Hayden's denunciation of Comey's plan is not so detailed or thought out, and he admits he hopes that there is a magic golden key that's possible, but recognizing it's probably not, he thinks the damage may be too much:

“I hope Comey’s right, and there’s a deus ex machina that comes on stage in the fifth act and makes the problem go away,” retired Gen. Michael Hayden, the former head of the CIA and the NSA, told The Daily Beast. “If there isn’t, I think I come down on the side of industry. The downsides of a front or back door outweigh the very real public safety concerns.”

As the Daily Beast notes, this is -- to some extent -- a roll reversal between Hayden and Comey who famously clashed over Hayden's original warrantless wiretapping program after 9/11, with Comey actually arguing against some of the program (though what he argued against wasn't as complete as some believe). Still, it's quite amazing to see both Chertoff and Hayden point out what the tech sector has been telling Comey for months (decades if you go back to the original "crypto wars.") This isn't a question about "not wanting to do the work" but about the fact that any solution is inherently much more dangerous for the public.

from the funny-how-that-works dept

We've written enough about former NSA and CIA director Michael Hayden that you should already know to take what he says with a large grain of salt. He will say basically anything to further his argument, no matter how false or disingenuous. He doesn't appear to care. He's admitted that September 11th gave him permission to reinterpret the 4th Amendment. He's claimed that terrorist attacks that weren't prevented were proof for why the NSA should keep collecting metadata. He lied about whether he and others lied about the CIA's torture program. He claimed that the release of the Senate Intelligence Committee's exec summary of the CIA torture report would be the tipping point for terrorists attacking us (how'd that work out?). He's argued that no one who thinks Ed Snowden is a whistleblower should be allowed to work in government. He claimed that Senator Feinstein was too emotional about the CIA torture program to judge it effectively. And on and on and on.

It claimed that the USA Freedom Act would "hobble the gathering of electronic intelligence" and predicted gloom and doom as a result:

For starters, the bill ends the National Security Agency’s bulk collection of what is called telephone metadata. This includes the date, time, duration and telephone numbers for all calls, but not their content or the identity of the caller or called, and is information already held by telephone companies. The bill would substitute a cumbersome and untried process that would require the NSA, when it seeks to check on which telephone numbers have called or been called by a number reasonably associated with terrorist activity, to obtain a warrant from the Foreign Intelligence Surveillance Court, or FISA court, and then scurry to each of the nation’s telephone-service providers to comb through the information that remains in their hands rather than in the NSA’s.

Nothing in the bill requires the telephone companies to preserve the metadata for any prescribed period. Current Federal Communications Commission regulations impose an 18-month retention requirement, but administrative regulations are subject to change. It isn’t hard to envision companies that wish to offer subscribers the attraction of rapid destruction of these records, or a complaisant bureaucracy that lets them do it.

The bill’s imposition of the warrant requirement on the NSA would be more burdensome than what any assistant U.S. attorney must do to get metadata in a routine criminal case, which is simply to aver that the information is needed in connection with a criminal investigation—period.

He points to the rise of ISIS and says that "the last thing" that Congress should be doing is pushing "a major new bill exquisitely crafted to hobble the gathering of electronic intelligence."

Of course, we all know that was hogwash, but as if to underline that point, let's see what the very same Michael Hayden has to say after the USA Freedom Act passed and became law. Now, all of a sudden, he thinks the bill is so weak that it's an opportunity to mock privacy advocates because this was "all" that they could get:

If somebody would come up to me and say “Look, Hayden, here’s the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you’re going to be required to do is that little 215 program about American telephony metadata — and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself” — I go: “And this is it after two years? Cool!”

He's actually right about that second point -- which is why we've been saying repeatedly that USA Freedom needs to only be a starting point for real reform. However, given that Hayden's position on the bill flipped entirely within a period of eight months, it should emphasize that whenever you see Hayden fearmongering, it's bullshit. He's just doing that as a cynical political ploy to help the surveillance state get or keep its surveillance powers.

from the because-espionage dept

Given all the fuss over the ridiculous article this past weekend -- which has since been confirmed as government stenography rather than actual reporting -- security maven Bruce Schneier has written up an article making a key point. It's quite likely that the underlying point in the article -- that Russian and Chinese intelligence agencies have access to the documents that Snowden originally handed over to reporters -- is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.

First, he notes, it's quite likely that Snowden -- as he has said -- no longer has access to the documents. But other people do. And they're not as knowledgeable about encryption and spycraft as Snowden is.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.

But, the second point is an even bigger one, which is that it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

Remember, this is the same government that's now reeling from the Chinese hacking of OPM getting all the secrets of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further notes that he "would not have thought twice" if he had the ability to get the same info from the Chinese.

These are the games that intelligence agencies play all the time. Schneier's piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents -- or that they even got them from Snowden's document dump -- seems quite dubious.

from the i-guess-the-terrorists-did-win dept

Michael Hayden, the former CIA and NSA director, has revealed what most people already suspected -- to him, the Constitution is a document that he can rewrite based on his personal beliefs at any particular time, as noted by Conor Friedersdorf at the Atlantic. Specifically, he admits that after September 11th, 2001, he was able to totally reinterpret the 4th Amendment to mean something entirely different:

In a speech at Washington and Lee University, Michael Hayden, a former head of both the CIA and NSA, opined on signals intelligence under the Constitution, arguing that what the 4th Amendment forbids changed after September 11, 2001. He noted that "unreasonable search and seizure," is prohibited under the Constitution, but cast it as a living document, with "reasonableness" determined by "the totality of circumstances in which we find ourselves in history."

He explained that as the NSA's leader, tactics he found unreasonable on September 10, 2001 struck him as reasonable the next day, after roughly 3,000 were killed. "I actually started to do different things," he said. "And I didn't need to ask 'mother, may I' from the Congress or the president or anyone else. It was within my charter, but in terms of the mature judgment about what's reasonable and what's not reasonable, the death of 3,000 countrymen kind of took me in a direction over here, perfectly within my authority, but a different place than the one in which I was located before the attacks took place. So if we're going to draw this line I think we have to understand that it's kind of a movable feast here."

While it's true that the 4th Amendment does ban "unreasonable search and seizure," it seems like quite an interpretation to argue that "reasonableness" depends on what some third party does to us. That seems morally dangerous -- and it seems like a direct admission to terrorists that if they want to eviscerate the rights of Americans, they just need to keep on attacking, because folks like Hayden will just interpret it to mean that they should take away more and more rights from Americans.

Then there was this other rather stunning admission. Hayden admits that the NSA wants to listen to anyone it finds "interesting," not just those they think are doing something bad:

"I am not a law enforcement officer. I don't suspect anybody. I am simply going out there to retrieve information that helps keep my countrymen free and safe. This is not about guilt. In fact, let me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information."

This is a rather refreshing admission -- as most of those who normally defend the surveillance state like to pretend that they're only listening to "bad" people. They trot out the "if you're not doing anything wrong, you have nothing to fear" argument all the time. Even Hayden himself has argued along those lines in the past. Yet here he is, more accurately saying that "if you're boring, you have nothing to fear" but "if we think you're interesting, you should be very afraid." And "interesting" is subject to a lot more vague interpretations than "reasonableness."

You can see his whole speech below, and while it's nice that he's finally admitting how malleable his own morals are, it's depressing that he ever had the power to use his flexible morals to spy on all of us -- and then did so.

from the surveillance-state-opportunists dept

In the wake of the attack on Charlie Hebdo in Paris yesterday, many people have been talking about various issues related to free speech and satire. We didn't have much to add to that discussion so we stayed out of it, but it's concerning to see that those who wish to suppress other civil liberties are jumping at the chance to use the attack yesterday as a jumping off point. Here are just a few examples. The NY Post ran an article saying that this proves the NYPD shouldn't have stopped its "Muslim Mapping" program:

...we believe the city should revisit its decision to dismantle the NYPD’s “Muslim Mapping” intelligence program.

The program was designed to provide exactly the kind of intelligence that would have been useful to police in Paris once they identified their three suspects in Wednesday’s terror attack. Namely, where they might go to find shelter or assistance.

And yet... the same thing is happening in other arenas as well. A year ago, both a court and the specially appointed task force set up to review the intelligence community's use of bulk metadata collection under Section 215 of the PATRIOT Act noted that there was absolutely no evidence at all that the bulk metadata collection was ever used to stop terrorist attacks.

And yet... former NSA and CIA director Michael Hayden went on cable news on Thursday morning to use the Charlie Hebdo attack as an excuse for why the program was so useful. After spending about four minutes talking about how these kinds of random small attacks are likely to be the new way terrorists attack, he then defends metadata collection:

Let me add another thought here too: You know, I was talking to you guys about 12 months ago, about these massive amounts of metadata that NSA held in storage. That metadata doesn't look all that scary this morning and I wouldn't be surprised if the French services pick up cell phones associated with the attack and ask the Americans, 'where have you seen these phones active globally?'.

Actually, no, that metadata does still seem pretty scary, because it also includes a hell of a lot more than just those responsible for the attack. And, it's not like law enforcement and the intelligence community can't go back to the operators currently responsible and ask them for that data. There's still no reason to believe that the NSA needs to just be sitting on this data all the time. And, of course, it doesn't seem like all that metadata helped prevent any attack, now did it?

Either way, it's kind of sickening to see this kind of opportunist crap, seeking to strip civil liberties and privacy rights from people, at the same time so many people are focusing on the other side of the story, about protecting free speech.